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This listing of claims replaces all prior versions, and 
listings of claims in the instant application: 



Listing of Claims; 



1. (Currently Amended) A card device for communication 
with an electronic device, comprising: 

a memory , on said card device #e^^ storing therein 
(1) an application program; (2) a security manager; and 
(3 ) a capabilities list associated with a ftsaid application 
program, said capabilities list including information 
regarding whether access to one or more resources^ for use 
by said application program is permitted- — and for otoring 
said application program and a occurity manager ; and 

a processing unit, on said card device, for executing 
said application program and said security manager, 

wherein upon said processing unit executing said 
application and said security manager, and when said 
executing application requests access to at least one 
of said one or more resources, said executing 
security manager ^eae selectively grant ing grant s 
access to said at least one of said one or more 
resources for use by said executing application 
program based at least in part on said information in 
said capabilities list. 

2. (Original) The card device of claim 1 wherein said 
one or more resources comprise at least one of data and 
functions . 
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3. (Original) The card device of claim 1 wherein said 
one or more resources comprise one or more resources external 
to said card device. 
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4. (Original) The card device of claim 3, further 
comprising at least one of: 

terminal side resources; and 
channels of a communications network. 



5. (Original) The card device of claim 1 wherein said 
one or more resources comprise one or more resources owned by 
at least one of said application program and another entity. 

6. (Currently Amended) The card device of claim 5 
wherein said other entity comprises at least one of : 

an operating system of said card device; and 
another application program. 

7. (Currently Amended) The card device of claim 1 
wherein said information in said capabilities list comprises 
information regarding at least one of: 

access rights; and 

information required for access to a resource. 

8. (Currently Amended) The card device of claim 1 
wherein said capabilities list comprises m emory atoroo a first 
capabilities list and said memory also stores a second 
capabilities list, said first capabilities list comprising a 
handle to link to said second capabilities list. 

9. (Original) The card device of claim 8 wherein said 
second capabilities list is associated with one or more of 
other application programs. 
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10. (Original) The card device of claim 1 wherein said 
application program is for requesting access to a resource. 
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11. (Currently Amended) The card device of claim 1 
wherein 

said application program is for transmitting a resource 
access request to asaid security manager; and 

said security manager is for transmitting a verify 
request to a verification program to examine said 
capabilities list to determine whether said application 
program is authorized to access said resource, and for 
performing or denying said requested action based at least 
in part on said examination. 

12. (Original) The card device of claim 11 wherein said 
security manager comprises an application program interface 
(API) . 

13. (Original) The card device of claim 11 wherein said 
security manager is for obtaining information regarding said 
requesting application program through one of inquiring at a 
context originating the resource access request and a parameter 
provided with said resource access request. 

14. (Original) The card device of claim 1, further 
comprising input/output means for receiving said capabilities 
list from at least one of a provider of said application 
program and an owner of said one or more resources. 

15. (Original) The card device of claim 1 wherein said 
capabilities list and said application program constitute a 
load package received by said card device. 



GUNNISON. McKAY & 

HODGSON, L.L.F. 
Gardai West Odicc Plaza 
1900 Garden Road. Suite 220 
Monicrey. CA 93940 

(831)65S^»80 
Fax (831)6554888 



16. (Original) The card device of claim 1 wherein said 
device is configured to modify said capabilities list based at 
least in part on a subsequently received capabilities update 
list associated with said application program- 
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17. (Currently Amended) The card device of claim 1 
wherein said card device is configured to delete said 
capabilities list or link and access rights upon receiving an 
instruction to delete said application program from the 
outside . 



18. (Original) The card device of claim 1 wherein 
said capabilities list is encrypted; and 

said processor is configured to decrypt said 
capabilities list . 

19. (Original) The card device of claim 1 wherein 

said capabilities list is cryptographically signed by 
at least one of a provider of said application program and 
an owner of said one or more resources; and 

said processor is configured to cryptographically 
authenticate said capabilities list. 

20. (Original) The card device of claim 19 wherein said 
processor is further configured to cryptographically 
authenticate said capabilities list when said capabilities list 
is stored on said device. 



21. (Original) The card device of claim 19 wherein said 
processor is further configured to cryptographically 
authenticate said capabilities list when said capabilities list 
is accessed, said capabilities list being successfully 
authenticated if a first fingerprint computed over said 
capabilities list upon storing capabilities list matches a 
second fingerprint computed over said capabilities list in 
response to a run-time request to use said capabilities list. 
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22. (Original) The card device of claim 1 wherein said 
application program comprises a plurality of modules. 

23. (Original) The card device of claim 1 wherein said 
application program comprises a Java application program or a 
Java Card™ applet . 

24. (Original) The card device of claim 1 wherein said 
capabilities list is embodied in a tag-length-value (TLV) 
structure. 



25. (Currently Amended) A method for controlling a card 
device, the card device for communication with an electronic 
device, the method comprising: 

storing , on said card device, an application program 
on said card device ; 

storing , on said card device, a capabilities list 
associated with said application progra m on oaid card 
device , said capabilities list comprising information 
regarding whether access to one or more resources for use 
by said application program is permitted ; and 

executing , on said card device, said application 
program and a security manager, 

wherein upon said executing application 
requesting access to at least one of said one or more 
resources, said exeucting security manager #e3? 
selectively grant s grant ing access to said at least 
one of said one or more resources for use by said 
application program based at least in part on said 
information in said capabilities list. 



GUNNISON, McKAY & 

HODGSON. L.L.P. 
Garden West Oflicc Plaza 
] 900 Garden Road. Suite 220 
Monterey. CA 93940 

(831)655^880 
Fax (831) 655-0888 



26. (Original) The method of claim 25 wherein said one 
or more resources comprise at least one of data and functions. 



Page 6 of 23 



Appl. No. 10/805,429 

Amdt. dated December 10, 2007 

Reply to Office Action of September 11, 2007 



27. (Original) The method of claim 25 wherein said one 
or more resources comprise one or more resources external to 
said card device. 



28. (Original) The method of claim 27 wherein said card 
device further comprises at least one of: 
terminal side resources; and 
channels of a communications network. 



29. (Original) The method of claim 25 wherein said one 
or more resources comprise one or more resources owned by at 
least one of said application program and another entity. 



30. (Original) The method of claim 29 wherein said other 
entity comprises at least one of: 

an operating system of said card device; and 
another application program. 



31. (Currently Amended) The method of claim 25 wherein 
said information in said capabilities list comprises 
information regarding at least one of: 
access rights; and 

information required for access to a resource. 



32. (Currently Amended) The method of claim 25 wherein 
oaid information included in oaid memory otorco said 
capabilities list comprises a first capabilities list and said 
method further comprises: 

storing, on said card device, a second capabilities 

list, said first capabilities list comprising a handle to 

link to said second capabilities list. 
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33. (Original) The card device of claim 32 wherein said 
second capabilities list is associated with one or more of 
other application programs. 

34. (Original) The method of claim 25 wherein said 
executing further comprises said application program requesting 
access to a resource. 



35. (Original) The method of claim 25 wherein said 
executing further comprises: 

said application program transmitting a resource access 
request to said security manager; and 

said security manager transmitting a verify request to 
a verification program to examine said capabilities list to 
determine whether said application program is authorized to 
access said resource, and performing or denying the 
requested action based at least in part on said examination. 

36. (Original) The method of claim 35 wherein said 
security manager comprises an application program interface 
(API) . 



37. (Currently Amended) The method of claim 35 wherein 
said security manager obtains information regarding said 
requesting application program through aodat least one of 
inquiring at a context originating said resource access 
request, and a parameter provided with said resource access 
request . 
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38. (Original) The method of claim 25, further 
comprising receiving said capabilities list from at least one 
of a provider of said application program and an owner of said 
one or more resources . 
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39. (Original) The method of claim 25 wherein said 
capabilities list and said application program are comprised in 
a load package received by said card device. 

40. (Original) The method of claim 25, further 
comprising modifying said capabilities list based at least in 
part on a subsequently received capabilities update list 
associated with said application program. 

41. (Original) The method of claim 25, further 
comprising deleting said capabilities list or link and access 
rights upon receiving an instruction to delete said application 
program from the outside. 

42. (Original) The method of claim 25 wherein 
^ said capabilities list is encrypted; and 

said method further comprises decrypting said 
capabilities list . 

43. (Original) The method of claim 25 wherein 

said capabilities list is cryptographically signed by 
at least one of a provider of said application program and 
an owner of said one or more resources; and 

said method further comprises cryptographically 
authenticating said capabilities list. 

44. (Original) The method of claim 25, further 
comprising cryptographically authenticating said capabilities 
list when said capabilities list is stored on said device. 
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45. (Original) The method of claim 25, further 
comprising cryptographically authenticating said capabilities 
list when said capabilities list is accessed, said capabilities 
list being successfully authenticated if a first fingerprint 
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computed over said capabilities list upon storing capabilities 
list matches a second fingerprint computed over said 
capabilities list in response to a run-time request to use said 
capabilities list . 

46. (Original) The method of claim 25 wherein said 
application program comprises a plurality of modules 

47. (Original) The method of claim 25 wherein said 
application program comprises a Java application program or a 
Java Card™ applet . 

48. (Original) The method of claim 25 wherein said 
capabilities list is embodied in a tag-length-value (TLV) 
structure . 
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49. (Currently Amended) A program storage device 
readable by a machine, embodying a program of instructions, 
executable by the machine to perform a method for controlling a 
card device, the card device for communication with an 
electronic device, the method comprising: 

storing , on said card device, an application program 
on aaid card dcvicQ ; 

storing , on said card device, a capabilities list 
associated with said application progra m on oaid card 
device , said capabilities list comprising information 
regarding whether access to one or more resources for use 
by said application program is permitted ; and 

executing , on said card device, said application 
program and a security manager, 

wherein upon said executing application 
requesting access to at least one of said one or more 
resources, said exeucting security manager #e3? 
selectively grant s granting access to said at least 
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one of said one or more resources for use by said 
application program based at least in part on said 
information in said capabilities list. 

50. (Original) The program storage device of claim 49 
wherein said one or more resources comprise at least one of 
data and functions. 

51. (Original) The program storage device of claim 4 9 
wherein said one or more resources comprise one or more 
resources external to said card device. 



52. (Original) The program storage device of claim 51 
wherein said card device further comprises at least one of: 
terminal side resources; and 
channels of a communications network. 

.53. (Original) The program storage device of claim 49 
wherein said one or more resources comprise one or more 
resources owned by at least one of said application program and 
another entity. 

54. (Original) The program storage device of claim 53 
wherein said other entity comprises at least one of: 

an operating system of said card device; and 
another application program. 

55. (Currently Amended) The program storage device of 
claim 49 wherein said information in said capabilities list 
comprises information regarding at least one of: 

access rights; and 

information required for access to a resource. 
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56. (Currently Amended) The program storage device of 
claim 49 wherein oaid information included in oaid memory 
atorco said capabilities list comprises a first capabilities 
list and said method further comprises: 

storing, on said card device/ a second capabilities 
list, said first capabilities list comprising a handle to 
link to said second capabilities list. 

57. (Original) The program storage device of claim 56 
wherein said second capabilities list is associated with one or 
more of other application programs. 

58. (Original) The program storage device of claim 49 
wherein said executing further comprises said application 
program requesting access to a resource; and 

59. (Original) The program storage device of claim 49 
wherein said executing further comprises: 

said application program transmitting a resource 
access request to said security manager; and 

said security manager transmitting a verify request 
to a verification program to examine said capabilities 
list to determine whether said application program is 
authorized to access said resource, and performing or 
denying the requested action based at least in part on 
said examination. 



60. (Original) The program storage device of claim 59 
wherein said security manager comprises an application program 
interface (API) . 
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61. (Currently Amended) The program storage device of 
claim 59 wherein said security manager obtains information 
regarding said requesting application program through eftdat 
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least one of inquiring at a context originating said resource 
access request, and a parameter provided with said resource 
access request . 

62. (Original) The program storage device of claim 49, 
said method further comprising receiving said capabilities list 
from at least one of a provider of said application program and 
an owner of said one or more resources . 



63. (Original) The program storage device of claim 4 9 
wherein said capabilities list and said application program are 
comprised in a load package received by said card device. 

64. (Original) The program storage device of claim 49, 
said method further comprising modifying said capabilities list 
based at least in part on a subsequently received capabilities 
update list associated with said application program. 

65. (Original) The program storage device of claim 49, 
said method further comprising deleting said capabilities list 
or link and access rights upon receiving an instruction to 
delete said application program from the outside. 

66. (Original) The program storage device of claim 49 
wherein 

said capabilities list is encrypted; and 
said method further comprises decrypting said 
capabilities list . 
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67. (Original) The program storage device of claim 49 
wherein 

said capabilities list is cryptographically signed by 
at least one of a provider of said application program and 
an owner of said one or more resources; and 
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said method further comprises cryptographically 
authenticating said capabilities list. 

68. (Original) The program storage device of claim 67, 
said method further comprising cryptographically authenticating 
said capabilities list when said capabilities list is stored on 
said device. 



69. (Original) The program storage device of claim 67, 
said method further comprising cryptographically authenticating 
said capabilities list when said capabilities list is accessed, 
said capabilities list being successfully authenticated if a 
first fingerprint computed over said capabilities list upon 
storing capabilities list matches a second fingerprint computed 
over said capabilities list in response to a run-time request 
to use said capabilities list. 

70. (Original) The program storage device of claim 49 . 
wherein said application program comprises a plurality of 
modules . 



71. (Original) The program storage device of claim 49 
wherein said application program comprises a Java application 
program or a Java Card™ applet. 

72. (Original) The program storage device of claim 4 9 
wherein said capabilities list is embodied in a tag-length- 
value (TLV) structure. 
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73. (Currently Amended) An apparatus for controlling a 
card device, the card device for communication with an 
electronic device, the apparatus comprising: 

means for storing , on said card device, an 

application program on oaid card device ; 
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means for storing , on said card device, a 
capabilities list associated with said application program 
on oaid card dcvico , said capabilities list comprising 
information regarding whether access to one or more 
resources for use by said application program is 
permitted ; and 

means for executing , on said card device, said 
application program and a security manager, 

. wherein upon said executing application 
requesting access to at least one of said one or more 
resources, said exeucting security manager #oa? 
selectively grant s granting access to said at least 
one of said one or more resources for use by said 
application program based at least in part on said 
information in said capabilities list. 

74. (Original) The apparatus of claim 73 wherein said 
one or more resources comprise at least one of data and 
functions. 

75. (Original) The apparatus of claim 73 wherein said 
one or more resources comprise one or more resources external 
to said card device. 

76. (Original) The apparatus of claim 75 wherein said 
card device further comprises at least one of: 

terminal side resources; and 
channels of a communications network. 

77. (Original) The apparatus of claim 73 wherein said 
one or more resources comprise one or more resources owned by 
at least one of said application program and another entity. 
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78. (Original) The apparatus of claim 77 wherein said 
other entity comprises at least one of: 

an operating system of said card device; and 
another application program. 

79. (Currently Amended) The apparatus of claim 73 
wherein said information in said capabilities list comprises 
information regarding at least one of: 

access rights; and 

information required for access to a resource. 

80. (Currently Amended) The apparatus of claim 73 
wherein said information included in said memory otorca said 
capabilities list comprises a first capabilities list and said 
apparatus further comprises ; 

means for storing, on said card device, a second 
capabilities list, said first capabilities list comprising 
a handle to link to said second capabilities list. 

81. (Original) The card device of claim 80 wherein said 
second capabilities list is associated with one or more of 
other application programs. 

82. (Original) The apparatus of claim 73 wherein said 
means for executing further comprises said means for requesting 
access to a resource. 
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83. (Original) The apparatus of claim 73 wherein said 
means for executing further comprises: 

said application program transmitting a resource access 
request to said security manager; and 

said security manager transmitting a verify request to 
a verification program to examine said capabilities list to 
determine whether said application program is authorized to 
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access said resource, and performing or denying the 
requested action based at least in part on said examination. 

84. (Original) The apparatus of claim 73 wherein said 
security manager comprises an application program interface 
(API) . 

85. (Original) The apparatus of claim 73 wherein said 
security manager obtains information regarding said requesting 
application program through at least one of inquiring at a 
context originating said resource access request, and a 
parameter provided with said resource access request . 

86. (Original) The apparatus of claim 73, further 
comprising means for receiving said capabilities list from at 
least one of a provider of said application program and an 
owner of said one or more resources . 

87. (Original) The apparatus of claim 73 wherein said 
capabilities list and said application program are comprised by 
in a load package received by said card device. 

88. (Original) The apparatus of claim 73, further 
comprising means for modifying said capabilities list based at 
least in part on a subsequently received capabilities update 
list associated with said application program. 

89. (Original) The apparatus of claim 73, further 
comprising means for deleting said capabilities list or link 
and access rights upon receiving an instruction to delete said 
application program from the outside. 
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90. (Currently Amended) The apparatus of claim 73 
wherein 
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said capabilities list is encrypted; and 
said method apparatus further comprises means for 
decrypting said. capabilities list. 

91. (Currently Amended) The apparatus of claim 73 wherein 
said capabilities list is cryptographically signed by 

at least one of a provider of said application program and 
an owner of said one or more resources; and 

said method apparatus further comprises means for 
cryptographically authenticating said capabilities list, 

92. (Original) The apparatus of claim 91, further 
comprising means for cryptographically authenticating said 
capabilities list when said capabilities list is stored on said 
device . 

93. (Original) The apparatus of claim 91, further 
comprising means for cryptographically authenticating said 
capabilities list when said capabilities list is accessed, said 
capabilities list being successfully authenticated if a first 
fingerprint computed over said capabilities list upon storing 
capabilities list matches a second fingerprint computed over 
said capabilities list in response to a run- time request to use 
said capabilities list. 

94. (Original) The apparatus of claim 73 wherein said 
application program comprises a plurality of modules 

95. (Original) The apparatus of claim 73 wherein said 
application program comprises a Java application program or a 
Java Card™ applet. 
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96. (Original) The apparatus of claim 73 wherein said 
capabilities list is embodied in a tag- length- value (TLV) 
structure . 

97. (Cancelled) 

98. (Cancelled) 

99. (Cancelled) . 

100 . (Cancelled) . 
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